Recently a lot of newsworthy security incidents have taken place. A common thread through many is not that they were sophisticated or required lots of time to plan and execute, or even that the victim had not invested in a lot of whizbang security technology which led to them not noticing the attack. The common thread much more simple: that fundamental security measures were not being taken by the organisation. Things like turning off accounts when people left the organisation, removing disused technology from the network, and the reuse of passwords by staff amongst public-facing and internal systems.
The fundamentals make it easy for attackers to get into networks and systems, both enterprise and personal, and are all things that we can each work on individually and within our organisations to improve and make the attacks that much harder for the bad actors to execute. This week's episode discusses those fundamentals and how to approach them.